On Sat, May 13, 2017 at 2:35 AM, Jamie Lawrence <[email protected]> wrote:
> The key generated by the engine install ended up with a bad CN; it has a
> five-digit number appended to the host name, and no SAN.
>

The 5 random digits are supposed to be OK, and are actually a feature - it ensures uniqueness if you re-generate (most likely reinstall your Engine), as otherwise some browsers fail miserably if a CA cert mismatches what they know.

SAN is being worked on - we are aware of Chrome 58 now requiring it. I sincerely hope to see it in 4.1.2 (see https://bugzilla.redhat.com/1449084 ).

Y.

> I've lived with this through setup, but now I'm getting close to prod use,
> and need to clean up so that it is usable for general consumption. And the
> SPICE HTML client is completely busted due to this; that's a problem
> because we're mostly MacOS on the client side, and the Mac Spice client is
> unusable for normal humans.
>
> I'm wary of attempting to regenerate these manually, as I don't have a
> handle on how the keys are used by the various components.
>
> What is the approved method of regenerating these keys?
>
> -j
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users
>
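Added example, not part of the original thread and not oVirt code: a sketch of host-name verification with and without the legacy CN fallback, showing why a certificate that carries no SAN is rejected by a client that matches on SAN only, as the thread says Chrome 58 does. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host name `engine.example.test` and the `.12345` suffix are constructed placeholders.

```python
# Constructed sample data: certificate dicts in the shape returned by
# ssl.SSLSocket.getpeercert(). Names are placeholders, not values from the thread.
HOST = "engine.example.test"
CERTS = {
    "cn_only": {"subject": ((("commonName", HOST),),)},
    "cn_suffixed": {"subject": ((("commonName", HOST + ".12345"),),)},
    "with_san": {"subject": ((("commonName", HOST + ".12345"),),),
                 "subjectAltName": (("DNS", HOST),)},
}

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host, allowing a single
    left-most '*' label (RFC 6125 style)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # The wildcard covers exactly one label and never a bare TLD.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:] and "." in rest

def dns_sans(cert: dict) -> list:
    """DNS entries of the subjectAltName extension, if any."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_names(cert: dict) -> list:
    """commonName values from the subject RDN sequence."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def host_matches(cert: dict, host: str, cn_fallback: bool) -> bool:
    """cn_fallback=True models a legacy client; False models SAN-only matching."""
    sans = dns_sans(cert)
    if sans:
        # When DNS SANs exist they are authoritative; the CN is ignored.
        return any(name_matches(s, host) for s in sans)
    if cn_fallback:
        return any(name_matches(c, host) for c in common_names(cert))
    return False  # no SAN and no fallback: nothing to match against

def report() -> dict:
    """Map each sample cert to (legacy result, SAN-only result)."""
    return {name: (host_matches(c, HOST, True), host_matches(c, HOST, False))
            for name, c in CERTS.items()}

if __name__ == "__main__":
    for name, (legacy, san_only) in report().items():
        print(f"{name:12} legacy={legacy!s:5} san_only={san_only}")
```

The same two predicates can be pointed at a live endpoint by passing the dict from `getpeercert()` on a verified connection.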

